PostgreSQL 2009-12-14 Security Update

Posted on 2009-12-14

The PostgreSQL Project today released minor versions updating all active branches of the PostgreSQL object-relational database system, including versions 8.4.2, 8.3.9, 8.2.15, 8.1.19, 8.0.23, and 7.4.27. This release fixes one moderate-risk and one low-risk security issue: an SSL authentication issue, and a privilege escalation issue with expression indexes. All PostgreSQL database administrators are urged to update your version of PostgreSQL at the earliest opportunity.

There are also 48 other bug fixes in this release, many of which apply only to version 8.4, and a few of which are specifically for Windows. While these are generally fixes for minor issues, among the changes are:

Prevent hash index corruption

Update time zone data for 9 regions

Fix permissions-related startup issue on Windows

Prevent server restart if a VACUUM FULL is killed

Correct cache initialization startup bug

See the release notes for a full list of changes with details.

As with other minor releases, users are not required to dump and reload their database in order to apply this update release; you may simply shut down PostgreSQL and update its binaries. However, users who have hash indexes will want to run REINDEX after updating in order to repair any existing index damage. Users skipping more than one update may need to check the release notes for extra, post-update steps.